The problem can be corrected by upgrading the affected package to version 4:3.4.0-0ubuntu3.5 (for Ubuntu 5.04), or 4:3.4.3-0ubuntu2 (for Ubuntu 5.10). After a standard system upgrade you need to restart your KDE session to effect the necessary changes.

Details follow:

Maksim Orlovich discovered that kjs, the JavaScript interpreter engine used by Konqueror and other parts of KDE, did not sufficiently verify the validity of UTF-8 encoded URIs. Specially crafted URIs could trigger a buffer overflow. By tricking a user into visiting a web site with malicious JavaScript code, a remote attacker could exploit this to execute arbitrary code with user privileges.
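
The kind of check described above as missing, shown as an added example: this is not kjs code and does not reproduce the flaw. It percent-decodes a URI component into a caller-supplied buffer, bounds every write, and rejects output that is not well-formed UTF-8. The function names and the error convention (0 or -1) are assumptions made for this illustration.

```c
#include <stddef.h>
/* Hex digit value, or -1 if c is not a hex digit. */
static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* 1 if buf[0..len) is well-formed UTF-8: no overlongs, surrogates, > U+10FFFF. */
static int utf8_valid(const unsigned char *buf, size_t len) {
    size_t i = 0;
    while (i < len) {
        unsigned char b = buf[i];
        size_t need = 0; unsigned long cp = 0, min = 0;
        if (b < 0x80) { i++; continue; }
        else if ((b & 0xE0) == 0xC0) { need = 1; cp = b & 0x1F; min = 0x80; }
        else if ((b & 0xF0) == 0xE0) { need = 2; cp = b & 0x0F; min = 0x800; }
        else if ((b & 0xF8) == 0xF0) { need = 3; cp = b & 0x07; min = 0x10000; }
        else return 0;                        /* stray continuation or 0xF8+ */
        if (need > len - i - 1) return 0;     /* sequence runs past the end */
        for (size_t k = 1; k <= need; k++) {
            if ((buf[i + k] & 0xC0) != 0x80) return 0;
            cp = (cp << 6) | (buf[i + k] & 0x3F);
        }
        if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return 0;
        i += need + 1;
    }
    return 1;
}

/* Decode `in` into out[0..cap); -1 on bad escape, overflow or invalid UTF-8. */
int uri_decode_checked(const char *in, unsigned char *out, size_t cap, size_t *out_len) {
    size_t n = 0;
    for (size_t i = 0; in[i] != '\0'; i++) {
        int c = (unsigned char)in[i];
        if (c == '%') {
            int hi = hexval((unsigned char)in[i + 1]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)in[i + 2]);
            if (lo < 0) return -1;            /* also stops at a truncated "%X" */
            c = hi * 16 + lo; i += 2;
        }
        if (n >= cap) return -1;              /* bound every write */
        out[n++] = (unsigned char)c;
    }
    if (!utf8_valid(out, n)) return -1;
    *out_len = n;
    return 0;
}
```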